微信服务号

微信订阅号

2025-4-3- 22
Home > Archive>Volume 31, Issue 2, 2020 >564-577. DOI:10.13328/j.cnki.jos.005615
PDF HTML XML Export Cite reminder
Quantification Method for Heterogeneity on Web Server with Mimic Construction
Author:
Affiliation:

Clc Number:

TP302

Fund Project:

National Natural Science Foundation of China(61472447); National Key Research and Development Program of China (2016YFB0800104); Research Project of Shanghai Municipal Science and Technology Commission (16DZ1120502)

  • Article
    • | |
  • Metrics
    • |
  • Reference [49]
    • |
  • Related [20]
    • | | |
  • Comments
    Abstract:

    The Web server with mimic construction is a new Web security defense system based on the principle of mimic defence. It uses the heterogeneity, dynamics, redundancy, and other characteristics to block or disrupt network attacks to control the security risk of the system. This study analyzes how heterogeneity can improve the security of the Web server with mimic construction and points out the importance of quantification of heterogeneity. Based on the quantification methods of biodiversity, this study defines the heterogeneity of the Web servers with mimic construction as the complexity and disparity of its execution set, proposes a quantification method that is suitable for quantitative heterogeneity, and analyzes the factors that influence heterogeneity of the Web servers with mimic construction. This study provides a new method for quantitative assessment of mimic defence in theory, and provides guidance for choosing the redundancy, components, and execution in practice. The experimental results show that the proposed method is more suitable for quantifying the heterogeneity of Web server with mimic construction than the Shannon-Wiener index and Simpson index.

    Reference
    [1] Birman KP, Schneider FB. The monoculture risk put into context. Security & Privacy, 2009,7(1):14-17.
    [2] Kewley DL, Bouchard JF. DARPA information assurance program dynamic defense experiment summary. IEEE Trans. on Systems, Man, and Cybernetics-Part A:Systems and Humans, 2001,31(4):331-336.
    [3] Jajodia S, Ghosh AK, Swarup V, et al. Moving Target Defense:Creating Asymmetric Uncertainty for Cyber Threats. New York:Springer-Verlag, 2011.
    [4] Cai GL, Wang BS, Wang TZ, et al. Research and developmentof moving target defense technology. Journal of Computer Research and Development, 2016,53(5):968-987(in Chinese with English abstract).
    [5] Wu JX. Meaning and vision of mimic computing and mimic security defense. Telecommunications Science, 2014,30(7):1-7(in Chinese with English abstract).
    [6] Wu JX, Zhang F, Luo XG. Mimic computing and mimic security defense. Communications of the CCF, 2015,11(1):8-14(in Chinese with English abstract).
    [7] Tong Q, Zhang Z, Zhang WH, Wu JX. Design and implementation of mimic defense Web server. Ruan Jian Xue Bao/Journal of Software, 2017,28(4):883-897(in Chinese with English abstract). http://www.jos.org.cn/1000-9825/5192.htm[doi:10.13328/j.cnki. jos.005192]
    [8] Zhang Z, Ma BL, Wu JX. The test and analysis of prototype of mimic defense in Web servers. Journal of Cyber Security, 2017,2(1):13-28(in Chinese with English abstract).
    [9] Shao CS, Lou W, Yan LM. Optimization of algorithm of similarity measurement in high-dimensional data. Computer Technology and Development, 2011,21(2):1-4(in Chinese with English abstract).
    [10] Mitra P, Murthy CA, Pal SK. Unsupervised feature selection using feature similarity. IEEE Trans. on Pattern Analysis & Machine Intelligence, 2002,24(3):301-312.
    [11] Pincus SM. Approximate entropy as a measure of system complexity. Proc. of the National Academy of Sciences of the United States of America, 1991,88(6):2297-2301.
    [12] Salako K, Strigini L. When does "diversity" in development reduce common failures? Insights from probabilistic modeling. IEEE Trans. on Dependable and Secure Computing, 2014,11(2):193-206.
    [13] Jain AK, Dubes RC. Algorithms for Clustering Data. Englewood Cliffs:Prentice Hall, 1988.
    [14] Yu H, Zhao YL, Cui K, et al. Community detection algorithm based on cross-entropy method. Chinese Journal of Computers, 2015, 38(8):1574-1581(in Chinese with English abstract).
    [15] Xu ZM, Li D, Liu T, et al. Measuring similarity between microblog users and its application. Chinese Journal of Computers, 2014, 37(1):207-218(in Chinese with English abstract).
    [16] Luo HL, Kong FS, Li YX. An analysis of diversity measures in clustering ensembles. Chinese Journal of Computers, 2007,30(8):1315-1324(in Chinese with English abstract).
    [17] Xi RR, Yun XC, Zhang YZ, at el. An improved quantitative evaluation method for network security. Chinese Journal of Computers, 2015,38(4):749-758(in Chinese with English abstract).
    [18] Ram M. On system reliability approaches:A brief survey. Int'l Journal of System Assurance Engineering and Management, 2013, 4(2):101-117.
    [19] Avritzer A, Czekster RM, Distefano S, et al. Software aging and rejuvenation for increased resilience:modeling, analysis and applications. In:Proc. of the Resilience Assessment and Evaluation of Computing Systems. Berlin, Heidelberg:Springer-Verlag, 2012. 167-183.
    [20] Wu JX. Research on cyber mimic defense. Journal of Cyber Security, 2016,1(4):1-10(in Chinese with English abstract).
    [21] Zhang JX, Pang JM, Zhang Z, Tai M, Liu H. QoS quantification method for Web server with mimic construction. Computer Science, 2019,46(11):109-118(in Chinese with English abstract).
    [22] Zhang JX, Pang JM, Zhang Z, Tai M, Zhang H, Nie GL. Executors scheduling algorithm for Web server with mimic structure. Computer Engineering, 2019,45(8):14-21(in Chinese with English abstract).
    [23] Zhang JX, Pang JM, Zhang Z, Tai M, Liu H. Heterogeneity quantization method of cyberspace security system based on dissimilar redundancy structure. Journal of Electronics and Information Technology, 2019,41(7):1594-1600(in Chinese with English abstract).
    [24] Han J, Zang BY. Analyzing the effectiveness of software diversity for system security. Computer Applications and Software, 2010, 27(9):273-275(in Chinese with English abstract).
    [25] Twu P, Mostofi Y, Egerstedt M. A measure of heterogeneity in multi-agent systems. In:Proc. of the American Control Conf. IEEE, 2014. 3972-3977.
    [26] Rao CR. Diversity and dissimilarity coefficients:A unified approach. Theoretical Population Biology, 1982,21(1):24-43.
    [27] Ding N, Yang W, Zhou Y, et al. Different responses of functional traits and diversity of stream macroinvertebrates to environmental and spatial factors in the Xishuangbanna watershed of the upper Mekong River Basin, China. Science of the Total Environment, 2017,574:288-299.
    [28] Liu ZJ. Bootstrapping one way analysis of Rao's quadratic entropy. Communication in Statistics-Theory and Methods, 2007,20(20):1683-1703.
    [29] Botta-Dukát Z. Rao's quadratic entropy as a measure of functional diversity based on multiple traits. Journal of Vegetation Science, 2010,16(5):533-540.
    [30] Chen L, Avizienis A. N-version programming:A fault-tolerance approach to reliability of software operation. In:Proc. of the 8th Int'l Conf. on Fault Tolerant Computing. 1978. 3-9.
    [31] Gashi I, Popov P. Rephrasing rules for off-the-shelf SQL database servers. In:Proc. of the European Dependable Computing Conf. IEEE Computer Society, 2006. 139-148.
    [32] Luo L, Ming J, Wu D, et al. Semantics-based obfuscation-resilient binary code similarity comparison with applications to software plagiarism detection. In:Proc. of the ACM Sigsoft Int'l Symp. on Foundations of Software Engineering. ACM, 2014. 389-400.
    [33] Jhi YC, Jia X, Wang X, et al. Program characterization using runtime values and its application to software plagiarism detection. IEEE Trans. on Software Engineering, 2015,41(9):925-943.
    附中文参考文献:
    [4] 蔡桂林,王宝生,王天佐,等.移动目标防御技术研究进展.计算机研究与发展,2016,53(5):968-987.
    [5] 邬江兴.专题导读——拟态计算与拟态防御的原意和愿景.电信科学,2014,30(7):1-7.
    [6] 邬江兴,张帆,罗兴国.拟态计算与拟态安全防御,中国计算机学会通讯,2015,11(1):8-14.
    [7] 仝青,张铮,张为华,邬江兴.拟态防御Web服务器设计与实现.软件学报,2017,28(4):883-897. http://www.jos.org.cn/1000-9825/5192.htm[doi:10.13328/j.cnki.jos.005192]
    [8] 张铮,马博林,邬江兴.Web服务器拟态防御原理验证系统测试与分析.信息安全学报,2017,2(1):13-28.
    [9] 邵昌昇,楼巍,严利民.高维数据中的相似性度量算法的改进.计算机技术与发展,2011,21(2):1-4.
    [14] 于海,赵玉丽,崔坤,等.一种基于交叉熵的社区发现算法.计算机学报,2015,38(8):1574-1581.
    [15] 徐志明,李栋,刘挺,等.微博用户的相似性度量及其应用.计算机学报,2014,37(1):207-218.
    [16] 罗会兰,孔繁胜,李一啸.聚类集成中的差异性度量研究.计算机学报,2007,30(8):1315-1324.
    [17] 席荣荣,云晓春,张永铮,等.一种改进的网络安全态势量化评估方法.计算机学报,2015,38(4):749-758.
    [20] 邬江兴.网络空间拟态防御研究.信息安全学报,2016,1(4):1-10.
    [21] 张杰鑫,庞建民,张铮,邰铭,刘浩.拟态构造Web服务器的服务质量量化方法.计算机科学,2019,46(11):109-118.
    [22] 张杰鑫,庞建民,张铮,邰铭,张浩,聂广来.面向拟态构造Web服务器的执行体调度算法.计算机工程,2019,45(8):14-21.
    [23] 张杰鑫,庞建民,张铮,邰铭,刘浩.基于非相似余度架构的网络空间安全系统异构性量化方法.电子与信息学报,2019,41(7):1594-1600.
    [24] 韩进,臧斌宇.软件相异性对于系统安全的有效性分析.计算机应用与软件,2010,27(9):273-275.
    Cited by
    Comments
    Comments
    分享到微博
    Submit
Get Citation

张杰鑫,庞建民,张铮.拟态构造的Web服务器异构性量化方法.软件学报,2020,31(2):564-577

Copy
Share
Article Metrics
  • Abstract:1800
  • PDF: 4569
  • HTML: 1893
  • Cited by: 0
History
  • Received:December 13,2017
  • Revised:May 09,2018
  • Online: February 17,2020
  • Published: February 06,2020
Links:Institute of Software, CASChina Computer FederationCASNSFC
You are the first2032479Visitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address:4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code:100190
Phone:010-62562563 Fax:010-62562533 Email:jos@iscas.ac.cn
Technical Support:Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063